package com.hangsu.train.components.configuration;


import com.hangsu.train.components.service.SecurityService;
import com.hangsu.train.components.service.UserService;
import com.hangsu.train.core.shiro.JwtFilter;
import com.hangsu.train.core.shiro.MtRealm;
import com.hangsu.train.core.shiro.ShiroFilter;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.web.filter.mgt.DefaultFilterChainManager;
import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @author lyy
 */
@Configuration
public class ShiroConfiguration {

    @Bean
    public Realm realm(UserService userService, SecurityService securityService) {
        MtRealm realm = new MtRealm();
        realm.setUserService(userService);
        realm.setSecurityService(securityService);
        return realm;
    }

    @Bean
    public DefaultWebSecurityManager securityManager(Realm realm){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(realm);
        // close session
        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
        defaultWebSecurityManager.setSubjectDAO(subjectDAO);
        return defaultWebSecurityManager;
    }

    @Bean
    public FilterRegistrationBean<ShiroFilter> registrationShiroFilter(DefaultWebSecurityManager securityManager) {

        ShiroFilter shiroFilter = new ShiroFilter();
        shiroFilter.setStaticSecurityManagerEnabled(true);
        shiroFilter.setSecurityManager(securityManager);

        DefaultFilterChainManager manager = new DefaultFilterChainManager();
        manager.addFilter(JwtFilter.NAME, new JwtFilter());
        // web admin
        manager.createChain("/login", "anon");

        manager.createChain("/**", JwtFilter.NAME);
        manager.createDefaultChain("/**");

        PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
        chainResolver.setFilterChainManager(manager);
        shiroFilter.setFilterChainResolver(chainResolver);

        return new FilterRegistrationBean<>(shiroFilter);
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    /**
     * 自动创建代理
     * @return
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

}